Lucene search

K
rockyRockylinux Product ErrataRLSA-2022:5821
HistoryAug 02, 2022 - 7:04 a.m.

virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

2022-08-0207:04:52
Rockylinux Product Errata
errata.rockylinux.org
11

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

55.5%

An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow (CVE-2021-4206)

  • QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow (CVE-2021-4207)

  • QEMU: virtio-net: map leaking on error during receive (CVE-2022-26353)

  • QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak (CVE-2022-26354)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Rocky Linux 9.0 guest with vsock device migration failed from Rocky Linux 9.0 > Rocky Linux 8.6 (BZ#2071103)

  • Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs) (BZ#2072242)

  • Remove upstream-only devices from the qemu-kvm binary (BZ#2077928)

  • When doing a cpu-baseline between skylake and cascadelake, cascadelake is selected as baseline. (BZ#2084030)

  • Virt-v2v can’t convert Rocky Linux8.6 guest from VMware on Rocky Linux8.6 (BZ#2093415)

Enhancement(s):

  • Allow memory prealloc from multiple threads (BZ#2075569)

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

55.5%